Checkmarx Improper Resource Access Authorization
Question
I am using the Checkmarx security tool to scan my code, it is saying that when I execute executeUpdate() commands to the database that is "Improper Resource Access Authorization."
Various Googling with no success.
int rowInserted = preparedStatement.executeUpdate();
2 answers
solution1
0 ACCPTED 2019-09-10 02:53:22
Add some code that performs access control checks that makes use of words like " admin ", " authoriz " or " allowed "
if (user.equals("admin")){
int rowInserted = preparedStatement.executeUpdate();
}
solution2
0 2021-11-26 10:24:52
Just add a method to your class:
private static boolean checkAuthorization(String userName) {
return userName.equals("authorization");
}
and check your string with:
if (checkAuthorization("authorization")) {
int rowInserted = preparedStatement.executeUpdate();
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Improper Resource Access Authorization error in checkmarx when reading a property
Improper Access Control Authorization -Checkmarx - File Read/Write Operation
Checkmarx: Improper Exception Handling with Mybatis resultMap in Java
Improper Resource Shutdown or Release
How to resolve Improper Resource Shutdown or Release issue
Veracode CWE ID 404 Improper Resource Shutdown or Release
Spring resource server authorization with two different Authorization servers, loses principal
Resteasy Authorization design - check a user owns a resource
Request HTTP rest resource with custom headers and authorization?
Spring OAuth2 Resource and Authorization servers
Related Tags